PHP versions 5.3.x earlier than 5.3.15 are affected by the following vulnerabilities.
An unspecified error exists that can allow the ‘open_basedir’ constraint to be bypassed. (CVE-2012-3365)
Binary data 6556.prm
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2688
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3365
www.php.net/ChangeLog-5.php#5.3.15